Network Infrastructure Engineer
Role summary
The Network Infrastructure Engineer will be responsible for supporting and advancing the State's enterprise networking environment. This role involves designing, deploying, and operating new network fabrics, identity-driven access systems, and observability platforms. Key responsibilities include managing Cisco Nexus ACI, Cisco Catalyst, Software-Defined Access (SDA), Cisco ISE, and integrating with container platforms like OpenShift and Cilium. The engineer will also deploy and manage observability tools such as ThousandEyes, Cyber Vision, and DNA Spaces, troubleshoot complex L2/L3 issues, and implement Palo Alto Networks security solutions. A strong understanding of TCP/IP, routing, switching, and network security fundamentals is essential, along with the ability to create clear documentation and work in mission-critical environments.
Seeking Network Infrastructure Engineers to support and advance the State's enterprise networking environment. The resources will play a critical role in designing, deploying, and operating new LDC (Liquor Distribution Center) fabrics, networks, indentify-driven access systems, and observability platforms. Along with working closely with the infrastructure team to ensure the State's network services remain reliable, scalable, secure, and aligned with enterprise modernization goals, the Engineers will be expected to:
- Design, implement, and maintain Cisco Nexus platforms running ACI mode, including VRFs, Bridge Domains, EPGs/ESGs, L3Out, contracts, and fabric policies.
- Integrate ACI with virtualization and container platforms including Red Hat OpenShift VMM and Isovalent/Cilium.
- Configure and optimize RoCEv2 within the ACI fabric for high-performance, low-latency workloads.
- Conduct advanced troubleshooting of ACI fabric health, faults, endpoint learning, contracts, and multi-tenant segmentation.
- Develop and maintain fabric documentation, standards, and operational procedures.
- Cisco Catalyst & Software-Defined Access.
- Deploy and support Cisco Catalyst platforms within campus environments.
- Design and maintain Software-Defined Access (SDA) architectures, including SDA Wired Fabric and Fabric-Enabled Wireless.
- Manage fabric underlay and overlay, policy mapping, authentication integrations, and assurance operations.
- Collaborate with wireless engineers to optimize coverage, performance, and policy enforcement across SDA
- Configure and administer Cisco Identity Services Engine (ISE) for TACACS+ device administration, authentication and authorization policy sets, and endpoint profiling.
- Integrate Cyber Vision intelligence into profiling, segmentation, and access control workflows.
- Support Zero Trust efforts through identity-centric segmentation and policy integration across ACI and SDA fabrics.
- Deploy and manage ThousandEyes for end-to-end visibility, routing path analysis, and performance monitoring.
- Implement and support Cisco Cyber Vision for OT/IoT asset visibility, device classification, and behavior analysis.
- Manage DNA Spaces for location analytics, telemetry ingestion, device behavior, and wireless intelligence.
- Provide meaningful insights to leadership using data from these observability platforms.
- Troubleshoot complex L2/L3 network issues across multiple environments including VLANs, OSPF, BGP, STP, and multicast.
- Designing, and implementing Palo Alto Networks security solutions across enterprise environments.
- Create and maintain documentation including architecture diagrams, standards, runbooks, and asset inventories.
Assist in modernization planning, platform upgrades, procurement processes, and statewide technology initiatives.
### Requirements
Skills
Required/Preferred
Years
Candidate Experience
Hands-on experience with Cisco ACI in production environments.
Required
15
Deep knowledge of ACI constructs (VRF, BD, EPG, ESG, L3Out, contracts).
Required
15
Experience integrating ACI with OpenShift VMM and Cilium/Isovalent.
Required
15
Proficiency with Cisco Catalyst platforms and SDA fabric technologies.
Required
15
Experience administering Cisco ISE including TACACS+ and policy-set based NAC.
Required
15
Strong understanding of ThousandEyes, Cyber Vision, and DNA Spaces or comparable tools.
Required
15
Solid command of core TCP/IP, routing, switching, QoS, and network security fundamentals.
Required
15
Ability to develop clear diagrams, documentation, and architectural artifacts.
Required
15
Strong analytical and communication skills with the ability to work in fast-paced, mission-critical environments.
Required
15
Cisco certifications such as CCNP Data Center, CCNP Enterprise, CCIE, or equivalent experience.
Preferred
Hands-on experience with container networking and virtualization integrations.
Preferred
Familiarity with NIST frameworks and state-level cybersecurity requirements.
Preferred
Experience with network automation tools (Python, Ansible, REST APIs).
Preferred
Prior work in state government or large enterprise network environments.
Preferred
PCCSA – Palo Alto Networks Certified Cybersecurity Associate Foundational security, NGFW basics, threats, App-ID, and policy.
Preferred
PCNSA – Palo Alto Networks Certified Network Security Administrator
Preferred
Focuses on NGFW configuration, security profiles, NAT, App-ID, URL filtering, WildFire
Preferred
### Benefits
Benefit Package includes:
- Paid Sick Time
- Insurance for Medical, Dental, Vision and Life Available
- 401(k) including Employer Match
- HSA, Short-term & Long-term Disability Available
- We are an EEO/Veterans/Disabled employer
Similar roles
Network Infrastructure EngineerRadiant Digital Solutions LLC · Clinton, Mississippi, United States · Onsite
Network Infrastructure EngineerBooz Allen Hamilton · Fort Belvoir, Virginia, United States · Onsite- Network Infrastructure EngineerMercor · New York, New York, United States · Remote
- Network Infrastructure EngineerBooz Allen Hamilton · Colorado Springs, Colorado, United States · Onsite
- Senior Network Infrastructure EngineerStep Up For Students · United States · Remote
